acm-header
Sign In

Communications of the ACM

Home/News/Hackers Exploit Backdoor Built Into Zyxel Devices/Full Text
ACM TechNews

Hackers Exploit Backdoor Built Into Zyxel Devices

By Ars Technica
January 6, 2021
Comments
View as: Print Mobile App Share:
A Zyxel USG40 Unified Security Gateway.

Hackers are trying to exploit a backdoor built into some Zyxel device models used as VPNs, firewalls, and wireless access points by thousands of individuals and businesses.

Credit: Zyxel

Niels Teusink, a researcher at Netherlands-based security firm Eye Control, found that hackers are attempting to exploit a backdoor built into several Zyxel device models used as VPNs, firewalls, and wireless access points by thousands of individuals and businesses.

This backdoor is an undocumented user account with full administrative rights that is hardcoded into the device’s firmware, which can be accessed over SSH or through a Web interface.

Said Teusink, "An attacker could completely compromise the confidentiality, integrity and availability of the device.”

A fix already is available for firewall models and will be available Jan. 8 for AP controllers.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account